Solved

VPN not working with TMG 2010

Posted on 2012-04-04
11
1,495 Views
Last Modified: 2012-05-05
Dear All,

I have TMG 2010 standalone array (2 servers), I configure the VPN, when I try to connect using VPN, it’s work fine, I can connect, but still I can’t see anything in my network.

When I check TMG, I found the error attached.

I attached the network configuration in my TMG servers and the Route Print.

What I have to do to make them work?

Thanks
route-print.JPG
IP-for-VPN-in-TMG.JPG
Internal-Addresses.JPG
error.JPG
0
Comment
Question by:ACS2012
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 
LVL 6

Accepted Solution

by:
emadallan earned 250 total points
ID: 37805365
0
 
LVL 2

Assisted Solution

by:jpvargassoruco
jpvargassoruco earned 250 total points
ID: 37805774
IP-for-VPN-in-TMG.JPG here I can see that you are using a diferent range of IP addresses, This range needs to be a part of this Internal-Addresses.JPG
Hope it helps
0
 

Author Comment

by:ACS2012
ID: 37814624
Hi all,

Now the VPN is work without error in the TMG, I can connect via the VPN and I can see my connection in the TMG server.

But i’m facing a problem; I can’t access anything in my network.

I check the IP taken via the VPN, it’s the same from the list which I specify in the VPN configuration.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 6

Expert Comment

by:emadallan
ID: 37815625
try to create a dns rule in your both side of TMG that allow : source internal lan+ localhost+ vpnsite1 to connect to destination of your vpn site2 and vice versa
0
 

Author Comment

by:ACS2012
ID: 37815664
hi emadallan,

how i can do that?

is there a requirements to add a static route for the VPN IP range?
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37815676
no, it's not a problem of static route, just open your TMG Console and add a firewall rule that allow dns, smb(in case u want to access sharing files) protocols in both side of TMG
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37815687
this is an URL that describe the principales of creating a firewall rules, then you specify the protocols you want:
http://retrohack.com/let-me-out-configuring-outbound-access-rules-in-tmg-2010/
0
 

Author Comment

by:ACS2012
ID: 37815721
i already have a rule to allow everything between internal and VPN users
0
 
LVL 6

Expert Comment

by:emadallan
ID: 37816843
even if you have everythings rule!! it will not works, so create a specific rule as mentioned and make its priority before the everythings rule!!
0
 

Author Comment

by:ACS2012
ID: 37818883
i'm still face the same problem, the VPN user is connected but i can't access anything in the network.

please see the attached.
1.JPG
2.JPG
3.JPG
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 37825242
You could try looking at the session, with TMG logging, monitor for the username in question - Clientusername.

Other thing, do other router know for TMG VPN users network 172.16.105.1 - .125?
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In all versions of ISA Server and the current version of FTMG, the default https protocol uses TCP port 443 and 563 only. This cannot be changed within the ISA or FTMG GUI and must be completed from a Windows cmd prompt on the ISA Server itself. …
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question